What's New in Centrify Privilege Service 15.10
11-02-2015 03:26 PM
New option for securely storing passwords on-premises
You now have the option of using either Centrify’s secure storage in the cloud, or a key management appliance on-premises (or in the cloud) for encrypting and storing account passwords.
Privilege Service now supports the SafeNet KeySecure key management appliances from Gemalto.
All KeySecure models are supported: the K460 (with built-in HSM), K450, and K250 hardware models, and Virtual KeySecure, available from leading cloud IaaS providers.
With the key management appliance option, account passwords are encrypted and stored by the appliance, no copy of the password is stored in the cloud, and the customer, not Centrify, holds the encryption keys.
SafeNet KeySecure appliances are available separately from Gemalto’s worldwide network of distributors and resellers.
Access request system
Centrify Privilege Service users can now request access to accounts for which they do not have administrative permissions. Users simply select the account and enter the reason for the request. Privilege Service notifies the request approver by e-mail, and includes information about the resource and the reason entered by the user.
On approval, Privilege Service will grant the user temporary, time-bound permission to a password checkout or remote management session. Privilege Service will notify the user by e-mail and (if approved) include a secure link to the checkout process or remote session.
Any Privilege Service user or group (including Active Directory users and groups) can be configured to act as the approver, globally or per-account.
Automatic, periodic password rotation
Password rotation is a process where existing managed passwords are changed to new, highly random passwords known only by the Privilege Service. Automatic and periodic password rotation enables organizations to align with a security policy that, for example, requires every password for a group of privileged accounts to be changed at least once every ninety days.
In this release, Privilege Service can automatically and periodically rotate managed passwords.
Rotation intervals are defined in days by the user, and are configured by policy at the resource level.
Enhancements for unmanaged accounts
You can now directly modify a password for an unmanaged account. This enables you to manually synchronize changes to accounts that, because of the way these accounts are used within your infrastructure, must never be automatically updated by Privilege Service.
You can now disable the automatic health check for an unmanaged account. By default, Privilege Service periodically checks whether account passwords are synchronized; if not, the account fails the health check. Disabling the health check is convenient in certain circumstances; for example, when you know the passwords will not be synchronized for some period of time and you don’t want Privilege Service to alert you every time the check fails.
These opinions are my own and do not necessarily reflect the views and opinions of my employer.